Elections Ontario Privacy Breach

Elections Ontario has just disclosed that they lost USB drives containing personal information on as many as 2.4 million voters. The USB drives were supposed to be password-protected, encoded and kept in a locked area accessible only to specific staffers – but were not. The Ontario Privacy Commissioner, Ann Cavoukian, is investigating. Her initial comment:

I am deeply disturbed that a breach of this extent, the largest in Ontario history, involving millions of individuals, could happen at Elections Ontario — the agency charged with protecting the integrity of our electoral process. . .

It is my expectation that personally identifiable information will not be stored on USB keys, laptops or other mobile devices — full stop. That is the message I have repeatedly given over the years.

This reminds us that:

  • A significant proportion of privacy breaches are caused by internal issues – not external hackers or thieves.
  • Any device small enough to be carried or lost is a prime candidate for data loss. Avoid keeping personal or sensitive information on them whenever possible, and if you must do it, make sure it is encrypted, and not accessible by a simple password.
  • Information security policies are useless if they are not followed.


  1. Gary P Rodrigues

    Based on my experience with human nature and the frenetic activity associated with elections, it is more than likely that the missing USB Drives were placed in a drawer and forgotten about.
    Unfortunately, someone will come across them and discard them rather than admit that they had been misplaced.

  2. You’re probably right Gary, but it doesn’t answer the question of what that information was doing on unencrypted thumb drives in the first place.

  3. David Collier-Brown

    It’s really very regrettable that governments, including our own, don’t use work that the U.S. did circa 1976, and require use of reasonably secure systems of the “Orange Book” sort.

    Those had “mandatory access controls” (MAC), so that no matter how much you wanted to write CONFIDENTIAL information to an UNCLAS device like a thumb drive, you couldn’t.

    The systems of the era were a nuisance to administer, but perfectly normal-looking to an end user. I was a Multics user in the day and didn’t even realize there was such a thing as MAC controlling what I could do.

    If we *really* wanted military-grade security in Canada, we could require the use of the (U.S) NSA’s “Security Enhanced Linux”, with a security policy provided by a suitably informed government department, and be able to enforce what right now is a rule that anyone can accidentally break.

    Alas, this might cost money and time, so I suspect we really prefer breaches, and paying to clean up after the fact.